mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-27 10:03:41 +01:00
66f3df4570
- changed tcrules to rules Signed-off-by: Tom Eastep <teastep@shorewall.net>
545 lines
16 KiB
XML
545 lines
16 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
|
|
<article>
|
|
<!--$Id$-->
|
|
|
|
<articleinfo>
|
|
<title>ISO 3661 Country Codes recognized by Shorewall</title>
|
|
|
|
<authorgroup>
|
|
<author>
|
|
<firstname>Tom</firstname>
|
|
|
|
<surname>Eastep</surname>
|
|
</author>
|
|
</authorgroup>
|
|
|
|
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
|
|
|
|
<copyright>
|
|
<year>2012</year>
|
|
|
|
<holder>Thomas M. Eastep</holder>
|
|
</copyright>
|
|
|
|
<legalnotice>
|
|
<para>Permission is granted to copy, distribute and/or modify this
|
|
document under the terms of the GNU Free Documentation License, Version
|
|
1.2 or any later version published by the Free Software Foundation; with
|
|
no Invariant Sections, with no Front-Cover, and with no Back-Cover
|
|
Texts. A copy of the license is included in the section entitled
|
|
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation
|
|
License</ulink></quote>.</para>
|
|
</legalnotice>
|
|
</articleinfo>
|
|
|
|
<section>
|
|
<title>Introduction</title>
|
|
|
|
<para>Beginning with Shorewall 4.5.4, Shorewall allows matching packet
|
|
SOURCE and/or DEST IP addresses by their corresponding country. That is
|
|
done by specifying a comma-separated list of up to 15 ISO-3661 2-character
|
|
Country Codes enclosed in square brackets ('[...]') and prefixed by a
|
|
caret ('^'). When a single country code is given, the square brackets can
|
|
be omitted.</para>
|
|
|
|
<para>Example - Drop email from the Anonymous Proxy and Satellite Provider
|
|
networks.</para>
|
|
|
|
<para><filename>/etc/shorewall/rules</filename>:</para>
|
|
|
|
<programlisting> #ACTION SOURCE DEST PROTO DEST
|
|
# PORT(S)
|
|
DROP:info net:^[A1,A2] dmz tcp 25
|
|
</programlisting>
|
|
|
|
<para>Using this feature requires the <firstterm>GeoIP Match</firstterm>
|
|
capability in your iptables and kernel. As of this writing, that
|
|
capability requires installing <ulink
|
|
url="http://xtables-addons.sourceforge.net/">xtables-addons</ulink> 1.33
|
|
or later and <ulink
|
|
url="http://xtables-addons.sourceforge.net/geoip.php">creating a
|
|
country-code database</ulink>.</para>
|
|
|
|
<para>The Shorewall compiler uses the geoip country-code database to
|
|
determine the valid set of two-character alphanumeric country codes. The
|
|
location of that database is currently hard-coded in xtables-addons as
|
|
<filename>/usr/share/xt_geoip/</filename>. Within that directory are two
|
|
sub-directories:</para>
|
|
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>LE -- contains the little-endian database</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>BE -- contains the big-endian database</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
|
|
<para>To accomodate both big-endian and little-endian machines as well as
|
|
any future ability to install the database at another location, Shorewall
|
|
supports a GEOIPDIR option in <ulink
|
|
url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5) and <ulink
|
|
url="manpages6/shorewall6.conf.html">shorewall6.conf</ulink> (5). The
|
|
default value of that option is
|
|
<filename>/usr/share/xt_geoip/LE</filename>.</para>
|
|
|
|
<para>The country codes at the time of this writing are shown in the
|
|
following two sections.</para>
|
|
</section>
|
|
|
|
<section>
|
|
<title>IPv4</title>
|
|
|
|
<programlisting> A1 => "Anonymous Proxy" ,
|
|
A2 => "Satellite Provider" ,
|
|
AD => "Andorra" ,
|
|
AE => "United Arab Emirates" ,
|
|
AF => "Afghanistan" ,
|
|
AG => "Antigua and Barbuda" ,
|
|
AI => "Anguilla" ,
|
|
AL => "Albania" ,
|
|
AM => "Armenia" ,
|
|
AN => "Netherlands Antilles" ,
|
|
AO => "Angola" ,
|
|
AP => "Asia/Pacific Region" ,
|
|
AQ => "Antarctica" ,
|
|
AR => "Argentina" ,
|
|
AS => "American Samoa" ,
|
|
AT => "Austria" ,
|
|
AU => "Australia" ,
|
|
AW => "Aruba" ,
|
|
AX => "Aland Islands" ,
|
|
AZ => "Azerbaijan" ,
|
|
BA => "Bosnia and Herzegovina" ,
|
|
BB => "Barbados" ,
|
|
BD => "Bangladesh" ,
|
|
BE => "Belgium" ,
|
|
BF => "Burkina Faso" ,
|
|
BG => "Bulgaria" ,
|
|
BH => "Bahrain" ,
|
|
BI => "Burundi" ,
|
|
BJ => "Benin" ,
|
|
BM => "Bermuda" ,
|
|
BN => "Brunei Darussalam" ,
|
|
BO => "Bolivia" ,
|
|
BR => "Brazil" ,
|
|
BS => "Bahamas" ,
|
|
BT => "Bhutan" ,
|
|
BV => "Bouvet Island" ,
|
|
BW => "Botswana" ,
|
|
BY => "Belarus" ,
|
|
BZ => "Belize" ,
|
|
CA => "Canada" ,
|
|
CC => "Cocos (Keeling) Islands" ,
|
|
CD => "Congo, The Democratic Republic of the" ,
|
|
CF => "Central African Republic" ,
|
|
CG => "Congo" ,
|
|
CH => "Switzerland" ,
|
|
CI => "Cote D'Ivoire" ,
|
|
CK => "Cook Islands" ,
|
|
CL => "Chile" ,
|
|
CM => "Cameroon" ,
|
|
CN => "China" ,
|
|
CO => "Colombia" ,
|
|
CR => "Costa Rica" ,
|
|
CU => "Cuba" ,
|
|
CV => "Cape Verde" ,
|
|
CX => "Christmas Island" ,
|
|
CY => "Cyprus" ,
|
|
CZ => "Czech Republic" ,
|
|
DE => "Germany" ,
|
|
DJ => "Djibouti" ,
|
|
DK => "Denmark" ,
|
|
DM => "Dominica" ,
|
|
DO => "Dominican Republic" ,
|
|
DZ => "Algeria" ,
|
|
EC => "Ecuador" ,
|
|
EE => "Estonia" ,
|
|
EG => "Egypt" ,
|
|
EH => "Western Sahara" ,
|
|
ER => "Eritrea" ,
|
|
ES => "Spain" ,
|
|
ET => "Ethiopia" ,
|
|
EU => "Europe" ,
|
|
FI => "Finland" ,
|
|
FJ => "Fiji" ,
|
|
FK => "Falkland Islands (Malvinas)" ,
|
|
FM => "Micronesia, Federated States of" ,
|
|
FO => "Faroe Islands" ,
|
|
FR => "France" ,
|
|
GA => "Gabon" ,
|
|
GB => "United Kingdom" ,
|
|
GD => "Grenada" ,
|
|
GE => "Georgia" ,
|
|
GF => "French Guiana" ,
|
|
GG => "Guernsey" ,
|
|
GH => "Ghana" ,
|
|
GI => "Gibraltar" ,
|
|
GL => "Greenland" ,
|
|
GM => "Gambia" ,
|
|
GN => "Guinea" ,
|
|
GP => "Guadeloupe" ,
|
|
GQ => "Equatorial Guinea" ,
|
|
GR => "Greece" ,
|
|
GS => "South Georgia and the South Sandwich Islands" ,
|
|
GT => "Guatemala" ,
|
|
GU => "Guam" ,
|
|
GW => "Guinea-Bissau" ,
|
|
GY => "Guyana" ,
|
|
HK => "Hong Kong" ,
|
|
HN => "Honduras" ,
|
|
HR => "Croatia" ,
|
|
HT => "Haiti" ,
|
|
HU => "Hungary" ,
|
|
ID => "Indonesia" ,
|
|
IE => "Ireland" ,
|
|
IL => "Israel" ,
|
|
IM => "Isle of Man" ,
|
|
IN => "India" ,
|
|
IO => "British Indian Ocean Territory" ,
|
|
IQ => "Iraq" ,
|
|
IR => "Iran, Islamic Republic of" ,
|
|
IS => "Iceland" ,
|
|
IT => "Italy" ,
|
|
JE => "Jersey" ,
|
|
JM => "Jamaica" ,
|
|
JO => "Jordan" ,
|
|
JP => "Japan" ,
|
|
KE => "Kenya" ,
|
|
KG => "Kyrgyzstan" ,
|
|
KH => "Cambodia" ,
|
|
KI => "Kiribati" ,
|
|
KM => "Comoros" ,
|
|
KN => "Saint Kitts and Nevis" ,
|
|
KP => "Korea, Democratic People's Republic of" ,
|
|
KR => "Korea, Republic of" ,
|
|
KW => "Kuwait" ,
|
|
KY => "Cayman Islands" ,
|
|
KZ => "Kazakhstan" ,
|
|
LA => "Lao People's Democratic Republic" ,
|
|
LB => "Lebanon" ,
|
|
LC => "Saint Lucia" ,
|
|
LI => "Liechtenstein" ,
|
|
LK => "Sri Lanka" ,
|
|
LR => "Liberia" ,
|
|
LS => "Lesotho" ,
|
|
LT => "Lithuania" ,
|
|
LU => "Luxembourg" ,
|
|
LV => "Latvia" ,
|
|
LY => "Libyan Arab Jamahiriya" ,
|
|
MA => "Morocco" ,
|
|
MC => "Monaco" ,
|
|
MD => "Moldova, Republic of" ,
|
|
ME => "Montenegro" ,
|
|
MG => "Madagascar" ,
|
|
MH => "Marshall Islands" ,
|
|
MK => "Macedonia" ,
|
|
ML => "Mali" ,
|
|
MM => "Myanmar" ,
|
|
MN => "Mongolia" ,
|
|
MO => "Macau" ,
|
|
MP => "Northern Mariana Islands" ,
|
|
MQ => "Martinique" ,
|
|
MR => "Mauritania" ,
|
|
MS => "Montserrat" ,
|
|
MT => "Malta" ,
|
|
MU => "Mauritius" ,
|
|
MV => "Maldives" ,
|
|
MW => "Malawi" ,
|
|
MX => "Mexico" ,
|
|
MY => "Malaysia" ,
|
|
MZ => "Mozambique" ,
|
|
NA => "Namibia" ,
|
|
NC => "New Caledonia" ,
|
|
NE => "Niger" ,
|
|
NF => "Norfolk Island" ,
|
|
NG => "Nigeria" ,
|
|
NI => "Nicaragua" ,
|
|
NL => "Netherlands" ,
|
|
NO => "Norway" ,
|
|
NP => "Nepal" ,
|
|
NR => "Nauru" ,
|
|
NU => "Niue" ,
|
|
NZ => "New Zealand" ,
|
|
OM => "Oman" ,
|
|
PA => "Panama" ,
|
|
PE => "Peru" ,
|
|
PF => "French Polynesia" ,
|
|
PG => "Papua New Guinea" ,
|
|
PH => "Philippines" ,
|
|
PK => "Pakistan" ,
|
|
PL => "Poland" ,
|
|
PM => "Saint Pierre and Miquelon" ,
|
|
PR => "Puerto Rico" ,
|
|
PS => "Palestinian Territory, Occupied" ,
|
|
PT => "Portugal" ,
|
|
PW => "Palau" ,
|
|
PY => "Paraguay" ,
|
|
QA => "Qatar" ,
|
|
RE => "Reunion" ,
|
|
RO => "Romania" ,
|
|
RS => "Serbia" ,
|
|
RU => "Russian Federation" ,
|
|
RW => "Rwanda" ,
|
|
SA => "Saudi Arabia" ,
|
|
SB => "Solomon Islands" ,
|
|
SC => "Seychelles" ,
|
|
SD => "Sudan" ,
|
|
SE => "Sweden" ,
|
|
SG => "Singapore" ,
|
|
SH => "Saint Helena" ,
|
|
SI => "Slovenia" ,
|
|
SJ => "Svalbard and Jan Mayen" ,
|
|
SK => "Slovakia" ,
|
|
SL => "Sierra Leone" ,
|
|
SM => "San Marino" ,
|
|
SN => "Senegal" ,
|
|
SO => "Somalia" ,
|
|
SR => "Suriname" ,
|
|
ST => "Sao Tome and Principe" ,
|
|
SV => "El Salvador" ,
|
|
SY => "Syrian Arab Republic" ,
|
|
SZ => "Swaziland" ,
|
|
TC => "Turks and Caicos Islands" ,
|
|
TD => "Chad" ,
|
|
TF => "French Southern Territories" ,
|
|
TG => "Togo" ,
|
|
TH => "Thailand" ,
|
|
TJ => "Tajikistan" ,
|
|
TK => "Tokelau" ,
|
|
TL => "Timor-Leste" ,
|
|
TM => "Turkmenistan" ,
|
|
TN => "Tunisia" ,
|
|
TO => "Tonga" ,
|
|
TR => "Turkey" ,
|
|
TT => "Trinidad and Tobago" ,
|
|
TV => "Tuvalu" ,
|
|
TW => "Taiwan" ,
|
|
TZ => "Tanzania, United Republic of" ,
|
|
UA => "Ukraine" ,
|
|
UG => "Uganda" ,
|
|
UM => "United States Minor Outlying Islands" ,
|
|
US => "United States" ,
|
|
UY => "Uruguay" ,
|
|
UZ => "Uzbekistan" ,
|
|
VA => "Holy See (Vatican City State)" ,
|
|
VC => "Saint Vincent and the Grenadines" ,
|
|
VE => "Venezuela" ,
|
|
VG => "Virgin Islands, British" ,
|
|
VI => "Virgin Islands, U.S." ,
|
|
VN => "Vietnam" ,
|
|
VU => "Vanuatu" ,
|
|
WF => "Wallis and Futuna" ,
|
|
WS => "Samoa" ,
|
|
YE => "Yemen" ,
|
|
YT => "Mayotte" ,
|
|
ZA => "South Africa" ,
|
|
ZM => "Zambia" ,
|
|
ZW => "Zimbabwe" ,
|
|
</programlisting>
|
|
</section>
|
|
|
|
<section>
|
|
<title>IPv6</title>
|
|
|
|
<programlisting> AD => "Andorra" ,
|
|
AE => "United Arab Emirates" ,
|
|
AF => "Afghanistan" ,
|
|
AL => "Albania" ,
|
|
AM => "Armenia" ,
|
|
AO => "Angola" ,
|
|
AP => "Asia/Pacific Region" ,
|
|
AR => "Argentina" ,
|
|
AS => "American Samoa" ,
|
|
AT => "Austria" ,
|
|
AU => "Australia" ,
|
|
AW => "Aruba" ,
|
|
AZ => "Azerbaijan" ,
|
|
BA => "Bosnia and Herzegovina" ,
|
|
BD => "Bangladesh" ,
|
|
BE => "Belgium" ,
|
|
BF => "Burkina Faso" ,
|
|
BG => "Bulgaria" ,
|
|
BH => "Bahrain" ,
|
|
BI => "Burundi" ,
|
|
BJ => "Benin" ,
|
|
BM => "Bermuda" ,
|
|
BN => "Brunei Darussalam" ,
|
|
BO => "Bolivia" ,
|
|
BR => "Brazil" ,
|
|
BS => "Bahamas" ,
|
|
BT => "Bhutan" ,
|
|
BW => "Botswana" ,
|
|
BY => "Belarus" ,
|
|
BZ => "Belize" ,
|
|
CA => "Canada" ,
|
|
CD => "Congo, The Democratic Republic of the" ,
|
|
CH => "Switzerland" ,
|
|
CI => "Cote D'Ivoire" ,
|
|
CK => "Cook Islands" ,
|
|
CL => "Chile" ,
|
|
CM => "Cameroon" ,
|
|
CN => "China" ,
|
|
CO => "Colombia" ,
|
|
CR => "Costa Rica" ,
|
|
CU => "Cuba" ,
|
|
CW => "" ,
|
|
CY => "Cyprus" ,
|
|
CZ => "Czech Republic" ,
|
|
DE => "Germany" ,
|
|
DJ => "Djibouti" ,
|
|
DK => "Denmark" ,
|
|
DO => "Dominican Republic" ,
|
|
DZ => "Algeria" ,
|
|
EC => "Ecuador" ,
|
|
EE => "Estonia" ,
|
|
EG => "Egypt" ,
|
|
ES => "Spain" ,
|
|
EU => "Europe" ,
|
|
FI => "Finland" ,
|
|
FJ => "Fiji" ,
|
|
FM => "Micronesia, Federated States of" ,
|
|
FO => "Faroe Islands" ,
|
|
FR => "France" ,
|
|
GB => "United Kingdom" ,
|
|
GD => "Grenada" ,
|
|
GE => "Georgia" ,
|
|
GG => "Guernsey" ,
|
|
GH => "Ghana" ,
|
|
GI => "Gibraltar" ,
|
|
GL => "Greenland" ,
|
|
GM => "Gambia" ,
|
|
GP => "Guadeloupe" ,
|
|
GR => "Greece" ,
|
|
GT => "Guatemala" ,
|
|
GU => "Guam" ,
|
|
GY => "Guyana" ,
|
|
HK => "Hong Kong" ,
|
|
HN => "Honduras" ,
|
|
HR => "Croatia" ,
|
|
HT => "Haiti" ,
|
|
HU => "Hungary" ,
|
|
ID => "Indonesia" ,
|
|
IE => "Ireland" ,
|
|
IL => "Israel" ,
|
|
IM => "Isle of Man" ,
|
|
IN => "India" ,
|
|
IQ => "Iraq" ,
|
|
IR => "Iran, Islamic Republic of" ,
|
|
IS => "Iceland" ,
|
|
IT => "Italy" ,
|
|
JE => "Jersey" ,
|
|
JM => "Jamaica" ,
|
|
JO => "Jordan" ,
|
|
JP => "Japan" ,
|
|
KE => "Kenya" ,
|
|
KG => "Kyrgyzstan" ,
|
|
KH => "Cambodia" ,
|
|
KN => "Saint Kitts and Nevis" ,
|
|
KR => "Korea, Republic of" ,
|
|
KW => "Kuwait" ,
|
|
KY => "Cayman Islands" ,
|
|
KZ => "Kazakhstan" ,
|
|
LA => "Lao People's Democratic Republic" ,
|
|
LB => "Lebanon" ,
|
|
LI => "Liechtenstein" ,
|
|
LK => "Sri Lanka" ,
|
|
LS => "Lesotho" ,
|
|
LT => "Lithuania" ,
|
|
LU => "Luxembourg" ,
|
|
LV => "Latvia" ,
|
|
LY => "Libyan Arab Jamahiriya" ,
|
|
MA => "Morocco" ,
|
|
MC => "Monaco" ,
|
|
MD => "Moldova, Republic of" ,
|
|
ME => "Montenegro" ,
|
|
MG => "Madagascar" ,
|
|
MH => "Marshall Islands" ,
|
|
MK => "Macedonia" ,
|
|
ML => "Mali" ,
|
|
MM => "Myanmar" ,
|
|
MN => "Mongolia" ,
|
|
MO => "Macau" ,
|
|
MT => "Malta" ,
|
|
MU => "Mauritius" ,
|
|
MV => "Maldives" ,
|
|
MW => "Malawi" ,
|
|
MX => "Mexico" ,
|
|
MY => "Malaysia" ,
|
|
MZ => "Mozambique" ,
|
|
NA => "Namibia" ,
|
|
NC => "New Caledonia" ,
|
|
NF => "Norfolk Island" ,
|
|
NG => "Nigeria" ,
|
|
NI => "Nicaragua" ,
|
|
NL => "Netherlands" ,
|
|
NO => "Norway" ,
|
|
NP => "Nepal" ,
|
|
NR => "Nauru" ,
|
|
NU => "Niue" ,
|
|
NZ => "New Zealand" ,
|
|
OM => "Oman" ,
|
|
PA => "Panama" ,
|
|
PE => "Peru" ,
|
|
PF => "French Polynesia" ,
|
|
PG => "Papua New Guinea" ,
|
|
PH => "Philippines" ,
|
|
PK => "Pakistan" ,
|
|
PL => "Poland" ,
|
|
PR => "Puerto Rico" ,
|
|
PS => "Palestinian Territory" ,
|
|
PT => "Portugal" ,
|
|
PW => "Palau" ,
|
|
PY => "Paraguay" ,
|
|
QA => "Qatar" ,
|
|
RO => "Romania" ,
|
|
RS => "Serbia" ,
|
|
RU => "Russian Federation" ,
|
|
RW => "Rwanda" ,
|
|
SA => "Saudi Arabia" ,
|
|
SB => "Solomon Islands" ,
|
|
SC => "Seychelles" ,
|
|
SD => "Sudan" ,
|
|
SE => "Sweden" ,
|
|
SG => "Singapore" ,
|
|
SI => "Slovenia" ,
|
|
SK => "Slovakia" ,
|
|
SL => "Sierra Leone" ,
|
|
SM => "San Marino" ,
|
|
SN => "Senegal" ,
|
|
SO => "Somalia" ,
|
|
ST => "Sao Tome and Principe" ,
|
|
SV => "El Salvador" ,
|
|
SY => "Syrian Arab Republic" ,
|
|
SZ => "Swaziland" ,
|
|
TH => "Thailand" ,
|
|
TK => "Tokelau" ,
|
|
TN => "Tunisia" ,
|
|
TO => "Tonga" ,
|
|
TR => "Turkey" ,
|
|
TT => "Trinidad and Tobago" ,
|
|
TV => "Tuvalu" ,
|
|
TW => "Taiwan" ,
|
|
TZ => "Tanzania, United Republic of" ,
|
|
UA => "Ukraine" ,
|
|
UG => "Uganda" ,
|
|
US => "United States" ,
|
|
UY => "Uruguay" ,
|
|
UZ => "Uzbekistan" ,
|
|
VA => "Holy See (Vatican City State)" ,
|
|
VE => "Venezuela" ,
|
|
VI => "Virgin Islands, U.S." ,
|
|
VN => "Vietnam" ,
|
|
VU => "Vanuatu" ,
|
|
WS => "Samoa" ,
|
|
YE => "Yemen" ,
|
|
ZA => "South Africa" ,
|
|
ZM => "Zambia" ,
|
|
ZW => "Zimbabwe" ,
|
|
</programlisting>
|
|
</section>
|
|
</article>
|